Which of the following is the BEST approach for configuring and scheduling the scan?

A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The Organization has a very low tolerance for risk when it comes to resource availability.

Which of the following is the BEST approach for configuring and scheduling the scan?
A . Make sure the scan is credentialed, covers at hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations.
B . Make sure the scan is uncredentialed, covers at hosts in the patch management system, and Is scheduled during of business hours so it has the least impact on operations.
C . Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system and is scheduled during off-business hours so it has the least impact on operations.
D . Make sure the scan is credentialed, uses a ironed plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.

View Answer

Answer: D

Explanation:

A vulnerability scan is a process of identifying and assessing known vulnerabilities in a system or network using automated tools or software1 A vulnerability scan can help improve the security posture of a vulnerability management program by detecting and prioritizing potential weaknesses that could be exploited by attackers.

To increase the security posture of a vulnerability scan, the following actions can be taken:

✑ Expand the ports being scanned to include all ports: This means scanning all possible ports on a system or network, not just the well-known or commonly used ones. This can help discover more vulnerabilities that may be hidden or overlooked on less frequently used ports.

✑ Increase the scan interval to a number the business will accept without causing service interruption: This means scanning more frequently or regularly, but not so often that it causes performance issues or downtime for the system or network. This can help keep up with new vulnerabilities that may emerge over time and reduce the window of opportunity for attackers.

✑ Enable authentication and perform credentialed scans: This means using login credentials or SSH keys on an asset to get deeper access to its data, processes, configurations, and vulnerabilities2 This can help discover more vulnerabilities that cannot be seen from the network, such as insecure versions of software or poor security permissions.

Reference: 1 What Is Vulnerability Scanning? | Qualys 2 Credentialed Scans: Why You Need Them – Lansweeper IT Asset Management